PT-2006-1951 · Php · Php-Nuke

Janek Vind +1 · Published 2006-02-28 · Updated 2018-10-18 · CVE-2006-0908

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke version 7.8 Patched 3.2

Description

The issue allows remote attackers to bypass SQL injection protection mechanisms. This can be achieved via /* sequences with the "ad click" word in the query string. For example, this can be demonstrated via the kala parameter in a request to an API endpoint such as "/%2a".

Recommendations

For PHP-Nuke version 7.8 Patched 3.2, consider restricting access to the kala parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the parameter kala in requests to minimize the risk of exploitation.

Related Identifiers

CVE-2006-0908

Affected Products

Php-Nuke